mokutil/mokutil-more-details-for-skipped-keys.patch


From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 13 Feb 2014 14:32:18 +0800
Subject: [PATCH 1/3] Be more verbose while skipping a key
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..3655b92 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- printf ("Skip %s\n", files[i]);
+ printf ("%s is already enrolled or in %s request\n", files[i],
+ import?"an enrollment":"a deletion");
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 14:48:53 +0800
Subject: [PATCH 2/3] Show more details when skipping a key
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 3655b92..cd039f0 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
return 0;
}
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+ uint8_t import)
+{
+ if (import) {
+ if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in PK\n", filename);
+ else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in KEK\n", filename);
+ else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ printf ("SKIP: %s is already in db\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already enrolled\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the enrollement request\n", filename);
+ } else {
+ if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is not in MokList\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the deletion request\n", filename);
+ }
+}
+
static int
issue_mok_request (char **files, uint32_t total, MokRequest req,
const char *hash_file, const int root_pw)
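Review bot: print_skip_message() can return without printing anything, because neither the `if (import)` chain nor the delete chain ends in a plain `else`; when none of the is_duplicate() lookups matches, the key is skipped with no output, whereas the line this series replaces always printed something. For a tool that queues Secure Boot key changes, a certificate that is silently not queued is worse than a vague message, so a closing fallback such as `else printf ("SKIP: %s\n", filename);` in both branches would keep every skip visible. The same gap carries over into the `switch` in patch 3/3, which also has no `default:` case. The MokNew message misspells "enrollment" as "enrollement"; it is user-facing and survives as a context line in 3/3. The delete branch prints "is not in MokList" whenever is_duplicate() returns false for MokListRT, which presumably also covers a variable that could not be read; is_duplicate() is outside this hunk, so that needs confirming there.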
@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- printf ("%s is already enrolled or in %s request\n", files[i],
- import?"an enrollment":"a deletion");
+ print_skip_message (files[i], ptr, sizes[i], import);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 16:27:06 +0800
Subject: [PATCH 3/3] Merge MokX for print_skip_message()
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..492dffc 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
static void
print_skip_message (const char *filename, void *mok, uint32_t mok_size,
- uint8_t import)
+ MokRequest req)
{
- if (import) {
- if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ efi_guid_t type = EfiCertX509Guid;
+
+ switch (req) {
+ case ENROLL_MOK:
+ if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK"))
printf ("SKIP: %s is already in PK\n", filename);
- else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ else if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "KEK"))
printf ("SKIP: %s is already in KEK\n", filename);
- else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ else if (is_duplicate (type, mok, mok_size, EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
printf ("SKIP: %s is already in db\n", filename);
- else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
printf ("SKIP: %s is already enrolled\n", filename);
- else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokNew"))
printf ("SKIP: %s is already in the enrollement request\n", filename);
- } else {
- if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ break;
+ case DELETE_MOK:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
printf ("SKIP: %s is not in MokList\n", filename);
- else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokDel"))
printf ("SKIP: %s is already in the deletion request\n", filename);
+ break;
+ case ENROLL_BLACKLIST:
+ if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is already in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXNew"))
+ printf ("SKIP: %s is already in the MokX enrollment request\n", filename);
+ break;
+ case DELETE_BLACKLIST:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is not in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXDel"))
+ printf ("SKIP: %s is already in the MokX deletion request\n", filename);
+ break;
}
}
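Review bot: `efi_guid_t type = EfiCertX509Guid;` fixes the signature type for every is_duplicate() lookup in the new `switch`, so an entry of any other type would match none of the cases and be skipped without a message. If only X.509 certificates can reach this function, the declaration deserves a comment saying so, e.g. `/* only X.509 certificates are passed here; other signature types never reach this path (confirm) */`; the callers are not fully visible in this hunk. The `else if` order in `case ENROLL_MOK:` (PK, KEK, db, MokListRT, MokNew) also decides which single reason is reported when a certificate sits in more than one store, and a one-line comment above the chain stating that the first match wins would save the next reader from reordering it by accident.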
@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- print_skip_message (files[i], ptr, sizes[i], import);
+ print_skip_message (files[i], ptr, sizes[i], req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5